MySQL and the SQL Injection fiasco

Embarrassing it is indeed when one (particularly one at the top of their trade) gets caught not doing what they should have been doing by setting an example.

The knowledge of existence of SQL Injection  is so common that it goes without saying that sites have to guard themselves against these types of attacks. So when gets hit with SQL Injection (and successfully at that), you begin to wonder; where do we go and bang our heads now. Well, at least that’s how folks at MySQL might be feeling right now. See, even now if you google “mysql sql injection“, you get links on what SQL injection is, how it is used to exploit database weaknesses and how to prevent it. So isn’t it ironic, don’t you think when itself is the victim?

News of the successful SQL Injection attacks against and it’s parent Sun/Oracle (over the last weekend of March 2011) is all over the place. Here it is for you to enjoy consider:

This is by means not blaming MySQL database systems, since it is the website implementations that were all screwy. But, there is a message in this for all of us.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s